Vulnerabilities > CVE-2018-14719 - Deserialization of Untrusted Data vulnerability in multiple products
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
HIGH Integrity impact
HIGH Availability impact
HIGH Summary
FasterXML jackson-databind 2.x before 2.9.7 might allow remote attackers to execute arbitrary code by leveraging failure to block the blaze-ds-opt and blaze-ds-core classes from polymorphic deserialization.
Vulnerable Configurations
Common Weakness Enumeration (CWE)
Nessus
NASL family Debian Local Security Checks NASL id DEBIAN_DSA-4452.NASL description Multiple security issues were found in jackson-databind, a Java library to parse JSON and other data formats which could result in information disclosure or the execution of arbitrary code. last seen 2020-06-01 modified 2020-06-02 plugin id 125416 published 2019-05-28 reporter This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/125416 title Debian DSA-4452-1 : jackson-databind - security update code # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Debian Security Advisory DSA-4452. The text # itself is copyright (C) Software in the Public Interest, Inc. # include("compat.inc"); if (description) { script_id(125416); script_version("1.2"); script_cvs_date("Date: 2020/01/15"); script_cve_id("CVE-2018-11307", "CVE-2018-12022", "CVE-2018-12023", "CVE-2018-14718", "CVE-2018-14719", "CVE-2018-14720", "CVE-2018-14721", "CVE-2018-19360", "CVE-2018-19361", "CVE-2018-19362", "CVE-2019-12086"); script_xref(name:"DSA", value:"4452"); script_name(english:"Debian DSA-4452-1 : jackson-databind - security update"); script_summary(english:"Checks dpkg output for the updated package"); script_set_attribute( attribute:"synopsis", value:"The remote Debian host is missing a security-related update." ); script_set_attribute( attribute:"description", value: "Multiple security issues were found in jackson-databind, a Java library to parse JSON and other data formats which could result in information disclosure or the execution of arbitrary code." ); # https://security-tracker.debian.org/tracker/source-package/jackson-databind script_set_attribute( attribute:"see_also", value:"http://www.nessus.org/u?61134ddf" ); script_set_attribute( attribute:"see_also", value:"https://packages.debian.org/source/stretch/jackson-databind" ); script_set_attribute( attribute:"see_also", value:"https://www.debian.org/security/2019/dsa-4452" ); script_set_attribute( attribute:"solution", value: "Upgrade the jackson-databind packages. For the stable distribution (stretch), these problems have been fixed in version 2.8.6-1+deb9u5." ); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P"); script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C"); script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"); script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C"); script_set_attribute(attribute:"cvss_score_source", value:"CVE-2018-19362"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:jackson-databind"); script_set_attribute(attribute:"cpe", value:"cpe:/o:debian:debian_linux:9.0"); script_set_attribute(attribute:"vuln_publication_date", value:"2019/01/02"); script_set_attribute(attribute:"patch_publication_date", value:"2019/05/24"); script_set_attribute(attribute:"plugin_publication_date", value:"2019/05/28"); script_set_attribute(attribute:"generated_plugin", value:"current"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"Debian Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/Debian/release", "Host/Debian/dpkg-l"); exit(0); } include("audit.inc"); include("debian_package.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); if (!get_kb_item("Host/Debian/release")) audit(AUDIT_OS_NOT, "Debian"); if (!get_kb_item("Host/Debian/dpkg-l")) audit(AUDIT_PACKAGE_LIST_MISSING); flag = 0; if (deb_check(release:"9.0", prefix:"libjackson2-databind-java", reference:"2.8.6-1+deb9u5")) flag++; if (deb_check(release:"9.0", prefix:"libjackson2-databind-java-doc", reference:"2.8.6-1+deb9u5")) flag++; if (flag) { if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get()); else security_hole(0); exit(0); } else audit(AUDIT_HOST_NOT, "affected");
NASL family Fedora Local Security Checks NASL id FEDORA_2019-DF57551F6D.NASL description Fixes CVE-2018-14718 CVE-2018-14719 CVE-2018-19360 CVE-2018-19361 CVE-2018-19362 CVE-2018-12022 CVE-2018-12023 CVE-2018-14720 CVE-2018-14721 and CVE-2016-7051. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-01 modified 2020-06-02 plugin id 122290 published 2019-02-19 reporter This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/122290 title Fedora 29 : bouncycastle / eclipse-jgit / eclipse-linuxtools / etc (2019-df57551f6d) code # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Fedora Security Advisory FEDORA-2019-df57551f6d. # include("compat.inc"); if (description) { script_id(122290); script_version("1.3"); script_cvs_date("Date: 2020/02/12"); script_cve_id("CVE-2016-7051", "CVE-2018-1000873", "CVE-2018-12022", "CVE-2018-12023", "CVE-2018-14718", "CVE-2018-14719", "CVE-2018-14720", "CVE-2018-14721", "CVE-2018-19360", "CVE-2018-19361", "CVE-2018-19362"); script_xref(name:"FEDORA", value:"2019-df57551f6d"); script_name(english:"Fedora 29 : bouncycastle / eclipse-jgit / eclipse-linuxtools / etc (2019-df57551f6d)"); script_summary(english:"Checks rpm output for the updated packages."); script_set_attribute( attribute:"synopsis", value:"The remote Fedora host is missing one or more security updates." ); script_set_attribute( attribute:"description", value: "Fixes CVE-2018-14718 CVE-2018-14719 CVE-2018-19360 CVE-2018-19361 CVE-2018-19362 CVE-2018-12022 CVE-2018-12023 CVE-2018-14720 CVE-2018-14721 and CVE-2016-7051. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues." ); script_set_attribute( attribute:"see_also", value:"https://bodhi.fedoraproject.org/updates/FEDORA-2019-df57551f6d" ); script_set_attribute(attribute:"solution", value:"Update the affected packages."); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P"); script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C"); script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"); script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C"); script_set_attribute(attribute:"cvss_score_source", value:"CVE-2018-19362"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:bouncycastle"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:eclipse-jgit"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:eclipse-linuxtools"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:jackson-annotations"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:jackson-bom"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:jackson-core"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:jackson-databind"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:jackson-dataformat-xml"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:jackson-dataformats-binary"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:jackson-dataformats-text"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:jackson-datatype-jdk8"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:jackson-datatype-joda"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:jackson-datatypes-collections"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:jackson-jaxrs-providers"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:jackson-module-jsonSchema"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:jackson-modules-base"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:jackson-parent"); script_set_attribute(attribute:"cpe", value:"cpe:/o:fedoraproject:fedora:29"); script_set_attribute(attribute:"vuln_publication_date", value:"2017/04/14"); script_set_attribute(attribute:"patch_publication_date", value:"2019/02/19"); script_set_attribute(attribute:"plugin_publication_date", value:"2019/02/19"); script_set_attribute(attribute:"generated_plugin", value:"current"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"Fedora Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/RedHat/release"); if (isnull(release) || "Fedora" >!< release) audit(AUDIT_OS_NOT, "Fedora"); os_ver = pregmatch(pattern: "Fedora.*release ([0-9]+)", string:release); if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Fedora"); os_ver = os_ver[1]; if (! preg(pattern:"^29([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Fedora 29", "Fedora " + os_ver); if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Fedora", cpu); flag = 0; if (rpm_check(release:"FC29", reference:"bouncycastle-1.61-1.fc29")) flag++; if (rpm_check(release:"FC29", reference:"eclipse-jgit-5.2.0-4.fc29")) flag++; if (rpm_check(release:"FC29", reference:"eclipse-linuxtools-7.1.0-3.fc29")) flag++; if (rpm_check(release:"FC29", reference:"jackson-annotations-2.9.8-1.fc29")) flag++; if (rpm_check(release:"FC29", reference:"jackson-bom-2.9.8-1.fc29")) flag++; if (rpm_check(release:"FC29", reference:"jackson-core-2.9.8-1.fc29")) flag++; if (rpm_check(release:"FC29", reference:"jackson-databind-2.9.8-1.fc29")) flag++; if (rpm_check(release:"FC29", reference:"jackson-dataformat-xml-2.9.8-1.fc29")) flag++; if (rpm_check(release:"FC29", reference:"jackson-dataformats-binary-2.9.8-1.fc29")) flag++; if (rpm_check(release:"FC29", reference:"jackson-dataformats-text-2.9.8-1.fc29")) flag++; if (rpm_check(release:"FC29", reference:"jackson-datatype-jdk8-2.9.8-1.fc29")) flag++; if (rpm_check(release:"FC29", reference:"jackson-datatype-joda-2.9.8-1.fc29")) flag++; if (rpm_check(release:"FC29", reference:"jackson-datatypes-collections-2.9.8-1.fc29")) flag++; if (rpm_check(release:"FC29", reference:"jackson-jaxrs-providers-2.9.8-1.fc29")) flag++; if (rpm_check(release:"FC29", reference:"jackson-module-jsonSchema-2.9.8-1.fc29")) flag++; if (rpm_check(release:"FC29", reference:"jackson-modules-base-2.9.8-1.fc29")) flag++; if (rpm_check(release:"FC29", reference:"jackson-parent-2.9.1.2-1.fc29")) flag++; if (flag) { security_report_v4( port : 0, severity : SECURITY_HOLE, extra : rpm_report_get() ); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "bouncycastle / eclipse-jgit / eclipse-linuxtools / etc"); }
NASL family Databases NASL id ORACLE_RDBMS_CPU_OCT_2019.NASL description The remote Oracle Database Server is missing the October 2019 Critical Patch Update (CPU). It is, therefore, affected by multiple vulnerabilities : - An unspecified vulnerability in the Java VM component of Oracle Database Server, which could allow an unauthenticated, remote attacker to manipulate Java VM accessible data. (CVE-2019-2909) - An unspecified vulnerability in the Core RDBMS (jackson-databind) component of Oracle Database Server, which could allow an authenticated, remote attacker to cause a denial of serivce of Core RDBMS. (CVE-2019-2956) - An unspecified vulnerability in the Core RDBMS component of Oracle Database Server, which could allow an authenticated, remote attacker to read a subset of Core RDBMS accessible data. (CVE-2019-2913) It is also affected by additional vulnerabilities; see the vendor advisory for more information. last seen 2020-06-02 modified 2019-10-18 plugin id 130058 published 2019-10-18 reporter This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/130058 title Oracle Database Server Multiple Vulnerabilities (Oct 2019 CPU) code # # (C) Tenable Network Security, Inc. # include("compat.inc"); if (description) { script_id(130058); script_version("1.5"); script_set_attribute(attribute:"plugin_modification_date", value:"2020/06/01"); script_cve_id( "CVE-2018-2875", "CVE-2018-8034", "CVE-2018-11784", "CVE-2018-14719", "CVE-2018-14720", "CVE-2018-14721", "CVE-2018-19360", "CVE-2018-19361", "CVE-2018-19362", "CVE-2018-1000873", "CVE-2019-2734", "CVE-2019-2909", "CVE-2019-2913", "CVE-2019-2939", "CVE-2019-2940", "CVE-2019-2954", "CVE-2019-2955", "CVE-2019-2956" ); script_name(english:"Oracle Database Server Multiple Vulnerabilities (Oct 2019 CPU)"); script_set_attribute(attribute:"synopsis", value: "The remote database server is affected by multiple vulnerabilities."); script_set_attribute(attribute:"description", value: "The remote Oracle Database Server is missing the October 2019 Critical Patch Update (CPU). It is, therefore, affected by multiple vulnerabilities : - An unspecified vulnerability in the Java VM component of Oracle Database Server, which could allow an unauthenticated, remote attacker to manipulate Java VM accessible data. (CVE-2019-2909) - An unspecified vulnerability in the Core RDBMS (jackson-databind) component of Oracle Database Server, which could allow an authenticated, remote attacker to cause a denial of serivce of Core RDBMS. (CVE-2019-2956) - An unspecified vulnerability in the Core RDBMS component of Oracle Database Server, which could allow an authenticated, remote attacker to read a subset of Core RDBMS accessible data. (CVE-2019-2913) It is also affected by additional vulnerabilities; see the vendor advisory for more information."); # https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html#AppendixDB script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?fb3a89d4"); script_set_attribute(attribute:"solution", value: "Apply the appropriate patch according to the October 2019 Oracle Critical Patch Update advisory."); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P"); script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C"); script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"); script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C"); script_set_attribute(attribute:"cvss_score_source", value:"CVE-2018-19362"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"vuln_publication_date",value:"2019/10/15"); script_set_attribute(attribute:"patch_publication_date",value:"2019/10/15"); script_set_attribute(attribute:"plugin_publication_date", value:"2019/10/18"); script_set_attribute(attribute:"plugin_type",value:"combined"); script_set_attribute(attribute:"cpe",value:"cpe:/a:oracle:database_server"); script_set_attribute(attribute:"agent", value:"all"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_family(english:"Databases"); script_copyright(english:"This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof."); script_dependencies("oracle_rdbms_query_patch_info.nbin", "oracle_rdbms_patch_info.nbin"); exit(0); } include("oracle_rdbms_cpu_func.inc"); patches = make_nested_array(); # RDBMS 19.5.0.0 patches["19.5.0.0"]["db"]["nix"] = make_array("patch_level", "19.5.0.0.191015", "CPU", "30125133"); patches["19.5.0.0"]["db"]["win"] = make_array("patch_level", "19.5.0.0.191015", "CPU", "30151705"); # RDBMS 19.4.1.0 patches["19.4.1.0"]["db"]["nix"] = make_array("patch_level", "19.4.1.0.191015", "CPU", "30080447"); # RDBMS 19.3.2.0 patches["19.3.2.0"]["db"]["nix"] = make_array("patch_level", "19.3.2.0.191015", "CPU", "30087906"); # RDBMS 18.8.0.0 patches["18.8.0.0"]["db"]["nix"] = make_array("patch_level", "18.8.0.0.191015", "CPU", "30112122"); patches["18.8.0.0"]["db"]["win"] = make_array("patch_level", "18.8.0.0.191015", "CPU", "30150321"); # RDVMS 18.7.0.0 patches["18.7.0.0"]["db"]["nix"] = make_array("patch_level", "18.7.0.0.191015", "CPU", "30080518"); # RDBMS 18.6.0.0 patches["18.6.0.0"]["db"]["nix"] = make_array("patch_level", "18.6.0.0.191015", "CPU", "30087881"); # RDBMS 12.2.0.1 patches["12.2.0.1"]["db"]["nix"] = make_array("patch_level", "12.2.0.1.191015", "CPU", "30087824, 30087848, 30138470"); patches["12.2.0.1"]["db"]["win"] = make_array("patch_level", "12.2.0.1.191015", "CPU", "30150416"); # RDBMS 12.1.0.2 patches["12.1.0.2"]["db"]["nix"] = make_array("patch_level", "12.1.0.2.191015", "CPU", "29972716, 29918340"); patches["12.1.0.2"]["db"]["win"] = make_array("patch_level", "12.1.0.2.191015", "CPU", "30049606"); # RDBMS 11.2.0.4 patches["11.2.0.4"]["db"]["nix"] = make_array("patch_level", "11.2.0.4.191015", "CPU", "30070157, 29913194, 30237239"); patches["11.2.0.4"]["db"]["win"] = make_array("patch_level", "11.2.0.4.191015", "CPU", "30151661"); # OJVM 19.5.0.0 patches["19.5.0.0"]["ojvm"]["nix"] = make_array("patch_level", "19.5.0.0.191015", "CPU", "30128191"); # OJVM 18.8.0.0 patches["18.8.0.0"]["ojvm"]["nix"] = make_array("patch_level", "18.8.0.0.191015", "CPU", "30133603"); # OJVM 12.2.0.1 patches["12.2.0.1"]["ojvm"]["nix"] = make_array("patch_level", "12.2.0.1.191015", "CPU", "30133625"); patches["12.2.0.1"]["ojvm"]["win"] = make_array("patch_level", "12.2.0.1.191015", "CPU", "30268021"); # OJVM 12.1.0.2 patches["12.1.0.2"]["ojvm"]["nix"] = make_array("patch_level", "12.1.0.2.191015", "CPU", "30128197"); patches["12.1.0.2"]["ojvm"]["win"] = make_array("patch_level", "12.1.0.2.191015", "CPU", "30268189"); # OJVM 11.2.0.4 patches["11.2.0.4"]["ojvm"]["nix"] = make_array("patch_level", "11.2.0.4.191015", "CPU", "30132974"); patches["11.2.0.4"]["ojvm"]["win"] = make_array("patch_level", "11.2.0.4.191015", "CPU", "30268157"); check_oracle_database(patches:patches, high_risk:TRUE);
NASL family Debian Local Security Checks NASL id DEBIAN_DLA-1703.NASL description Several deserialization flaws were discovered in jackson-databind, a fast and powerful JSON library for Java, which could allow an unauthenticated user to perform code execution. The issue was resolved by extending the blacklist and blocking more classes from polymorphic deserialization. For Debian 8 last seen 2020-06-01 modified 2020-06-02 plugin id 122603 published 2019-03-05 reporter This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/122603 title Debian DLA-1703-1 : jackson-databind security update code # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Debian Security Advisory DLA-1703-1. The text # itself is copyright (C) Software in the Public Interest, Inc. # include("compat.inc"); if (description) { script_id(122603); script_version("1.2"); script_cvs_date("Date: 2020/02/06"); script_cve_id("CVE-2018-11307", "CVE-2018-12022", "CVE-2018-12023", "CVE-2018-14718", "CVE-2018-14719", "CVE-2018-14720", "CVE-2018-14721", "CVE-2018-19360", "CVE-2018-19361", "CVE-2018-19362"); script_name(english:"Debian DLA-1703-1 : jackson-databind security update"); script_summary(english:"Checks dpkg output for the updated packages."); script_set_attribute( attribute:"synopsis", value:"The remote Debian host is missing a security update." ); script_set_attribute( attribute:"description", value: "Several deserialization flaws were discovered in jackson-databind, a fast and powerful JSON library for Java, which could allow an unauthenticated user to perform code execution. The issue was resolved by extending the blacklist and blocking more classes from polymorphic deserialization. For Debian 8 'Jessie', these problems have been fixed in version 2.4.2-2+deb8u5. We recommend that you upgrade your jackson-databind packages. NOTE: Tenable Network Security has extracted the preceding description block directly from the DLA security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues." ); script_set_attribute( attribute:"see_also", value:"https://lists.debian.org/debian-lts-announce/2019/03/msg00005.html" ); script_set_attribute( attribute:"see_also", value:"https://packages.debian.org/source/jessie/jackson-databind" ); script_set_attribute(attribute:"solution", value:"Upgrade the affected packages."); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P"); script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C"); script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"); script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C"); script_set_attribute(attribute:"cvss_score_source", value:"CVE-2018-19362"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libjackson2-databind-java"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libjackson2-databind-java-doc"); script_set_attribute(attribute:"cpe", value:"cpe:/o:debian:debian_linux:8.0"); script_set_attribute(attribute:"vuln_publication_date", value:"2019/01/02"); script_set_attribute(attribute:"patch_publication_date", value:"2019/03/04"); script_set_attribute(attribute:"plugin_publication_date", value:"2019/03/05"); script_set_attribute(attribute:"generated_plugin", value:"current"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"Debian Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/Debian/release", "Host/Debian/dpkg-l"); exit(0); } include("audit.inc"); include("debian_package.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); if (!get_kb_item("Host/Debian/release")) audit(AUDIT_OS_NOT, "Debian"); if (!get_kb_item("Host/Debian/dpkg-l")) audit(AUDIT_PACKAGE_LIST_MISSING); flag = 0; if (deb_check(release:"8.0", prefix:"libjackson2-databind-java", reference:"2.4.2-2+deb8u5")) flag++; if (deb_check(release:"8.0", prefix:"libjackson2-databind-java-doc", reference:"2.4.2-2+deb8u5")) flag++; if (flag) { if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get()); else security_hole(0); exit(0); } else audit(AUDIT_HOST_NOT, "affected");
NASL family CGI abuses NASL id ORACLE_PRIMAVERA_UNIFIER_CPU_JAN_2019.NASL description According to its self-reported version number, the Oracle Primavera Unifier installation running on the remote web server is 16.x prior to 16.2.15.6 or 17.x prior to 17.12.9.2 or 18.x prior to 18.8.4.1. It is, therefore, affected by multiple vulnerabilities: - An arbitrary file upload vulnerability exists in Blueimp jQuery-File-Upload. An unauthenticated, remote attacker can exploit this to upload arbitrary files on the remote host subject to the privileges of the user. - A remote command execution vulnerability exists in jackson-databind due to a failure to block various classes from polymorphic deserialization. An unauthenticated, remote attacker can exploit this to execute arbitrary code. (CVE-2018-14718, CVE-2018-14719 CVE-2018-14720, CVE-2018-14721) Note that Nessus has not tested for these issues but has instead relied only on the application last seen 2020-06-01 modified 2020-06-02 plugin id 121251 published 2019-01-18 reporter This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/121251 title Oracle Primavera Unifier Multiple Vulnerabilities (Jan 2019 CPU) code # # (C) Tenable Network Security, Inc. # include("compat.inc"); if (description) { script_id(121251); script_version("1.7"); script_cvs_date("Date: 2019/11/27"); script_cve_id( "CVE-2018-9206", "CVE-2018-14718", "CVE-2018-14719", "CVE-2018-14720", "CVE-2018-14721" ); script_name(english:"Oracle Primavera Unifier Multiple Vulnerabilities (Jan 2019 CPU)"); script_summary(english:"Checks the version of Oracle Primavera Unifier."); script_set_attribute(attribute:"synopsis", value: "An application running on the remote web server is affected by multiple vulnerabilities."); script_set_attribute(attribute:"description", value: "According to its self-reported version number, the Oracle Primavera Unifier installation running on the remote web server is 16.x prior to 16.2.15.6 or 17.x prior to 17.12.9.2 or 18.x prior to 18.8.4.1. It is, therefore, affected by multiple vulnerabilities: - An arbitrary file upload vulnerability exists in Blueimp jQuery-File-Upload. An unauthenticated, remote attacker can exploit this to upload arbitrary files on the remote host subject to the privileges of the user. - A remote command execution vulnerability exists in jackson-databind due to a failure to block various classes from polymorphic deserialization. An unauthenticated, remote attacker can exploit this to execute arbitrary code. (CVE-2018-14718, CVE-2018-14719 CVE-2018-14720, CVE-2018-14721) Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number."); # https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?799b2d05"); script_set_attribute(attribute:"solution", value: "Upgrade to Oracle Primavera Unifier version 16.2.15.6 / 17.12.9.2 / 18.8.4.1 or later."); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P"); script_set_cvss_temporal_vector("CVSS2#E:F/RL:OF/RC:C"); script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"); script_set_cvss3_temporal_vector("CVSS:3.0/E:F/RL:O/RC:C"); script_set_attribute(attribute:"cvss_score_source", value:"CVE-2018-9206"); script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available"); script_set_attribute(attribute:"exploit_available", value:"true"); script_set_attribute(attribute:"d2_elliot_name", value:"jQuery File Upload"); script_set_attribute(attribute:"exploit_framework_d2_elliot", value:"true"); script_set_attribute(attribute:"metasploit_name", value:'blueimps jQuery (Arbitrary) File Upload'); script_set_attribute(attribute:"exploit_framework_metasploit", value:"true"); script_set_attribute(attribute:"exploit_framework_canvas", value:"true"); script_set_attribute(attribute:"canvas_package", value:'CANVAS'); script_set_attribute(attribute:"vuln_publication_date", value:"2019/01/11"); script_set_attribute(attribute:"patch_publication_date", value:"2019/01/11"); script_set_attribute(attribute:"plugin_publication_date", value:"2019/01/18"); script_set_attribute(attribute:"plugin_type", value:"remote"); script_set_attribute(attribute:"cpe", value:"x-cpe:/a:oracle:primavera_unifier"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_family(english:"CGI abuses"); script_copyright(english:"This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof."); script_dependencies("oracle_primavera_unifier.nbin"); script_require_keys("installed_sw/Oracle Primavera Unifier", "www/weblogic"); script_require_ports("Services/www", 8002); exit(0); } include("http.inc"); include("vcf.inc"); get_install_count(app_name:"Oracle Primavera Unifier", exit_if_zero:TRUE); port = get_http_port(default:8002); get_kb_item_or_exit("www/weblogic/" + port + "/installed"); app_info = vcf::get_app_info(app:"Oracle Primavera Unifier", port:port); vcf::check_granularity(app_info:app_info, sig_segments:3); constraints = [ { "min_version" : "16.1.0.0", "fixed_version" : "16.2.15.6" }, { "min_version" : "17.1.0.0", "fixed_version" : "17.12.9.2" }, { "min_version" : "18.8.0.0", "fixed_version" : "18.8.4.1" } ]; vcf::check_version_and_report(app_info:app_info, constraints:constraints, severity:SECURITY_HOLE);
Redhat
advisories |
| ||||||||||||||||||||||||||||||||||||||||||||||||||||||||
rpms |
|
References
- https://access.redhat.com/errata/RHBA-2019:0959
- https://access.redhat.com/errata/RHSA-2019:0782
- https://access.redhat.com/errata/RHSA-2019:0877
- https://access.redhat.com/errata/RHSA-2019:1782
- https://access.redhat.com/errata/RHSA-2019:1797
- https://access.redhat.com/errata/RHSA-2019:1822
- https://access.redhat.com/errata/RHSA-2019:1823
- https://access.redhat.com/errata/RHSA-2019:2804
- https://access.redhat.com/errata/RHSA-2019:2858
- https://access.redhat.com/errata/RHSA-2019:3002
- https://access.redhat.com/errata/RHSA-2019:3140
- https://access.redhat.com/errata/RHSA-2019:3149
- https://access.redhat.com/errata/RHSA-2019:3892
- https://access.redhat.com/errata/RHSA-2019:4037
- https://github.com/FasterXML/jackson/wiki/Jackson-Release-2.9.7
- https://github.com/FasterXML/jackson-databind/commit/87d29af25e82a249ea15858e2d4ecbf64091db44
- https://github.com/FasterXML/jackson-databind/issues/2097
- https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f%40%3Cdev.drill.apache.org%3E
- https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442%40%3Cdev.drill.apache.org%3E
- https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc%40%3Cissues.drill.apache.org%3E
- https://lists.apache.org/thread.html/ff8dcfe29377088ab655fda9d585dccd5b1f07fabd94ae84fd60a7f8%40%3Ccommits.pulsar.apache.org%3E
- https://lists.apache.org/thread.html/rf1bbc0ea4a9f014cf94df9a12a6477d24a27f52741dbc87f2fd52ff2%40%3Cissues.geode.apache.org%3E
- https://lists.debian.org/debian-lts-announce/2019/03/msg00005.html
- https://seclists.org/bugtraq/2019/May/68
- https://security.netapp.com/advisory/ntap-20190530-0003/
- https://www.debian.org/security/2019/dsa-4452
- https://www.oracle.com/security-alerts/cpuapr2020.html
- https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html
- https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html
- https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html
- https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html
- https://access.redhat.com/errata/RHBA-2019:0959
- https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html
- https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html
- https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html
- https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html
- https://www.oracle.com/security-alerts/cpuapr2020.html
- https://www.debian.org/security/2019/dsa-4452
- https://security.netapp.com/advisory/ntap-20190530-0003/
- https://seclists.org/bugtraq/2019/May/68
- https://lists.debian.org/debian-lts-announce/2019/03/msg00005.html
- https://lists.apache.org/thread.html/rf1bbc0ea4a9f014cf94df9a12a6477d24a27f52741dbc87f2fd52ff2%40%3Cissues.geode.apache.org%3E
- https://lists.apache.org/thread.html/ff8dcfe29377088ab655fda9d585dccd5b1f07fabd94ae84fd60a7f8%40%3Ccommits.pulsar.apache.org%3E
- https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc%40%3Cissues.drill.apache.org%3E
- https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442%40%3Cdev.drill.apache.org%3E
- https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f%40%3Cdev.drill.apache.org%3E
- https://github.com/FasterXML/jackson-databind/issues/2097
- https://github.com/FasterXML/jackson-databind/commit/87d29af25e82a249ea15858e2d4ecbf64091db44
- https://github.com/FasterXML/jackson/wiki/Jackson-Release-2.9.7
- https://access.redhat.com/errata/RHSA-2019:4037
- https://access.redhat.com/errata/RHSA-2019:3892
- https://access.redhat.com/errata/RHSA-2019:3149
- https://access.redhat.com/errata/RHSA-2019:3140
- https://access.redhat.com/errata/RHSA-2019:3002
- https://access.redhat.com/errata/RHSA-2019:2858
- https://access.redhat.com/errata/RHSA-2019:2804
- https://access.redhat.com/errata/RHSA-2019:1823
- https://access.redhat.com/errata/RHSA-2019:1822
- https://access.redhat.com/errata/RHSA-2019:1797
- https://access.redhat.com/errata/RHSA-2019:1782
- https://access.redhat.com/errata/RHSA-2019:0877
- https://access.redhat.com/errata/RHSA-2019:0782